Privacy Policy

Effective Date: 4th February 2025
Last Updated: 31st January 2025

Welcome to the Webspad Office Portal ("Portal"), accessible at https://office.webspad.in. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you access or use our Portal. By using the Portal, you agree to the terms of this Privacy Policy.

If you do not agree with the practices described herein, please do not use the Portal.

🔍 1. Data We Collect

We may collect the following types of information:

a. Personal Information

  • Full Name
  • Email Address
  • Phone Number
  • Job Title/Role
  • Company Information

b. Login & Authentication Data

  • Username and Password (securely encrypted)
  • IP Address and Device Information
  • Session Activity Logs

c. Usage Data

  • Pages visited within the Portal
  • Features accessed and usage patterns
  • Date and time of interactions

📥 2. How We Collect Data

  • Directly from You: When you create an account, update your profile, or contact support.
  • Automatically: Through cookies, server logs, and tracking technologies when you access the Portal.
  • Third-Party Integrations: If you connect with authorized third-party tools (with your consent).

⚙️ 3. How We Use Your Data

We use the collected data to:

  • Provide and manage Portal access and features.
  • Improve Portal performance, security, and user experience.
  • Respond to support requests and communicate important updates.
  • Monitor for suspicious activities and prevent unauthorized access.
  • Comply with legal obligations and internal policies.

🔐 4. Data Protection & Security

We implement strict security measures, including:

  • SSL/TLS Encryption for all data in transit.
  • AES-256 Encryption for data at rest within our databases.
  • Role-Based Access Control (RBAC) to limit data exposure.
  • Regular Security Audits and vulnerability checks.
  • Password Hashing using bcrypt to protect login credentials.

While we take robust measures, no system is 100% secure. We encourage strong passwords and two-factor authentication for additional protection.

🤝 5. Data Sharing & Disclosure

We do NOT sell, rent, or trade your data.
Your data may be shared with:

  • Authorized Webspad employees for business operations.
  • Service Providers (e.g., cloud hosting) under strict data processing agreements.
  • Regulatory Authorities if required by law, subpoena, or legal process.

🌍 6. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence.

  • We ensure that data transfers are conducted in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
  • Where required, we implement Standard Contractual Clauses (SCCs) or other approved mechanisms to safeguard cross-border data transfers.

🔗 7. Third-Party Integrations

The Portal may integrate with third-party applications to enhance functionality.

  • Examples include: Cloud hosting services, email communication tools, and analytics platforms.
  • Third-party services are bound by their privacy policies. We encourage users to review these policies before authorizing integrations.
  • Data shared with third parties is limited to what is necessary for the integration to function effectively.

🚨 8. Incident Response Protocols

In the event of a data breach or security incident, Webspad follows a defined Incident Response Plan:

  • Detection: Continuous monitoring of system logs to identify suspicious activities.
  • Assessment: Investigation of potential breaches to determine the scope and impact.
  • Containment: Immediate steps to limit the breach and prevent further data exposure.
  • Notification: If your data is affected, you will be notified within 72 hours of breach confirmation, as required by applicable laws.
  • Remediation: Implement corrective measures to prevent recurrence and strengthen security controls.

🗃️ 9. Data Retention Policy

We retain your data only as long as necessary to:

  • Fulfill the purposes outlined in this policy.
  • Comply with legal, accounting, or reporting obligations.
  • Support business continuity and data recovery processes.

Upon termination of your account, your data will be securely archived or deleted following our retention schedule.

10. Your Rights (Under GDPR & Applicable Laws)

You have the right to:

  • Access your data.
  • Rectify inaccurate or incomplete information.
  • Request Deletion ("Right to be Forgotten") where legally applicable.
  • Restrict Processing under specific conditions.
  • Data Portability for transferring your data to another service.
  • Withdraw Consent at any time (without affecting prior lawful processing).

To exercise these rights, contact us at support@webspad.in.

🍪 11. Cookies & Tracking Technologies

The Portal uses cookies to:

  • Enhance user experience.
  • Track session activities for security purposes.
  • Remember login credentials (if opted-in).

You can manage or disable cookies in your browser settings, but this may affect Portal functionality.

🔄 12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date.

  • Major Changes: Users will receive an email notification.
  • Minor Changes: Posted directly within the Portal.

Your continued use of the Portal after updates signifies your acceptance of the revised policy.

📦 13. Data Encryption Standards

  • Data in Transit: Protected using SSL/TLS 1.2+ encryption.
  • Data at Rest: Encrypted using AES-256 encryption, a government-grade security standard.
  • Password Encryption: All passwords are hashed using the bcrypt algorithm with salting for enhanced protection.
  • Key Management: Encryption keys are stored securely with restricted access to authorized personnel only.

💾 14. Backup Policies

  • Automated Backups: Daily automated backups are performed to ensure data integrity.
  • Backup Encryption: All backup data is encrypted both in transit and at rest.
  • Disaster Recovery: In the event of data loss, backups can be restored within 24 hours.
  • Backup Retention: Backups are retained for a maximum of 30 days before secure deletion.

👥 15. Employee Data Handling Protocols

  • Access Control: Only employees with a legitimate business need to have access to personal data.
  • Confidentiality Agreements: All employees handling user data must sign Non-Disclosure Agreements (NDAs).
  • Regular Training: Staff receive ongoing data protection training to ensure compliance with privacy best practices.
  • Monitoring: Employee access to sensitive data is monitored and logged for audit purposes.

📧 16. Contact Information

For any questions or concerns regarding this Privacy Policy, please contact us: